block cipher and des
TRANSCRIPT
1
Ch 3: Block Ciphers and Data Encryption Standard (DES)
Fourth Editionby William Stallings
Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of
Kentucky)
2
Modern Block Ciphers
• look at modern block ciphers
• one of the most widely used types of cryptographic algorithms
• provide secrecy /authentication services
• focus on DES (Data Encryption Standard)
to illustrate block cipher design principles
3
Block vs Stream Ciphers
• block ciphers process messages in blocks, each of which is then en/decrypted
• like a substitution on very big characters– 64-bits or more
• stream ciphers process messages a bit or byte at a time when en/decrypting
• many current ciphers are block ciphers
• broader range of applications
4
Block Cipher Principles
• most symmetric block ciphers are based on a Feistel Cipher Structure
• block ciphers look like an extremely large substitution
• would need table of 264 entries for a 64-bit block • instead create from smaller building blocks • using idea of a product cipher
5
Ideal Block Cipher
6
Claude Shannon and Substitution-Permutation Ciphers
• Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949
• form basis of modern block ciphers • S-P nets are based on the two primitive
cryptographic operations: – substitution (S-box)– permutation (P-box)
• provide confusion & diffusion of message & key
7
Diffusion and Confusion…
• Diffusion:
“The statistical structure of the plaintext is spread (dissipated) into long-range statistics of the ciphertext.”
• Achieved by having each plaintext digit affect the value of many ciphertext digits.
• Objective is to globalize the local affects.
8
Diffusion and Confusion…
• Confusion: “Attempts to make the relationship between the ciphertext and the encryption key as complex as possible.”
• Achieved by using a complex substitution algorithm.
• Even if an attacker can have some handle on the statistics of the ciphertext, it is very difficult to deduce the key.
9
Feistel Cipher Structure
• Horst Feistel devised the feistel cipher– based on concept of invertible product cipher
• partitions input block into two halves– process through multiple rounds which– perform a substitution on left data half– based on round function of right half & subkey– then have permutation swapping halves
• implements Shannon’s S-P net concept
10
Feistel Cipher Structure
11
Feistel Cipher Design Elements
• block size • key size • number of rounds • subkey generation algorithm• round function • fast software en/decryption
12
Feistel Cipher Decryption
13
Data Encryption Standard (DES)
• most widely used block cipher in world • adopted in 1977 by NBS (now NIST)• encrypts 64-bit data using 56-bit key• has widespread use• has been considerable controversy over
its security
14
DES History
• IBM developed Lucifer cipher– by team led by Feistel in late 60’s– used 64-bit data blocks with 128-bit key
• then redeveloped as a commercial cipher with input from NSA and others
• in 1973 NBS issued request for proposals for a national cipher standard
• IBM submitted their revised Lucifer which was eventually accepted as the DES
15
DES Design Controversy
• although DES standard is public• was considerable controversy over design
– in choice of 56-bit key (vs Lucifer 128-bit)– and because design criteria were classified
• subsequent events and public analysis show in fact design was appropriate
• use of DES has flourished– especially in financial applications– still standardised for legacy application use
16
17
DES…
• Initial Permutation (IP): The plaintext block undergoes an
intial permutation. > 64 bits of the block are permuted.• A Complex Transformation: 64 bit permuted block undergoes 16
rounds of complex transformation. (Using subkeys)
18
DES…
• 32-bit swap: 32 bit left and right halves of the
output of the 16th round are swapped.• Inverse Initial Permutation (IP-1): The 64 bit output undergoes a
permutation that is inverse of the intial permutation.
>The 64 bit output is the ciphertext.
19
20
DES
• The complex processing at each iteration/round:– Li = Ri-1
– Ri = Li-1 F(Ri-1, Ki)
•Details of function F: It takes 32 bits input and
produces a 32 bit output.
21
DES
• Details of function F: >32 bit input is expanded into 48
bits. -This is done by permuting and duplicating some bits of 32 bits. >Exclusive OR operation is
performed between these 48 bits and 48 bit subkey.
22
DES
•Details of function F:... > 48 bit output of the
Exclusive OR operation is grouped into 8 groups of 6 bits each.
> Each 6 bit group is fed into a 6-to-4 substitution box that transforms 6 bits to 4 bits.
23
DES
•Details of function F:... > 32 bit output of 8
substitution boxes is fed into a permutation box.
> The 32 bit output of the permutation box is F(Ri-1, Ki).
24
DES
•Concerns about:– The key length (56-bits)> 56 bit key was adequate in 70s.> With faster processors, this
encryption method is no longer safe.
25
Time to break a code (106 decryptions/µs)
26
Triple DEA
• Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)
• C = ciphertext• P = Plaintext• EK[X] = encryption of X using key K• DK[Y] = decryption of Y using key K
• Effective key length of 168 bits
C = EK3[DK2[EK1[P]]]
27
Triple DEA
28
Cipher Block Modes of Operation
• Cipher Block Chaining Mode (CBC) - A method to increase the security of DES or any block cipher.
– The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block.
- Processing of a sequence of plaintext blocks is chained together.
29
30
Basis of Cipher Block Chaining…
ii1i1iiK1i
i1iiK
i1iKKiK
i1iki
PPCC][CDC
)P(C][CD
)]P(C[ED][CD
]P[CEC